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Top Stories 

• Officials reported September 9 that a Salmonella Poona outbreak linked to cucumbers 
grown in Mexico has killed 2 people and sickened 341 people across 30 States. - CNN (See 
item 14) 

• Excellus BlueCross BlueShield announced September 9 that hackers gained unauthorized 
access to information technology systems in 2013, potentially compromising the 
information of approximately 10.5 million individuals. - SC Magazine (See item 17 ) 

• Researchers announced that the Turla advanced persistent threat (APT) group utilizes 
design flaws on older communications satellites, allowing the group to intercept Internet 
traffic and hide the location of their command-and-control (C&C) servers. - Softpedia (See 
item 24) 

• Zimperium released its Stagefright exploit code and Python script, allowing users to test if 
their devices are vulnerable to the Stagefright bug. - Softpedia (See item 25 ) 
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Energy Sector 



1. September 8, U.S. Department of Labor - (Texas) 3 oil well service workers killed in 
west Texas rig fire due to ignition hazard and lack of flame- retardant clothing, 
OSHA finds. The Occupational and Safety and Health Administration announced 
September 8 that Mason Well Services was cited for one repeat and five serious 
violations after the company failed to prevent contact between an ignition source and 
flammable liquids and gasses, and failed to ensure workers wore proper attire resulting 
in the death of three employees in March at an Upton County, Texas oil rig. Proposed 
fines total $50,400. 

Source: 

https://www.osha.gov/pls/oshaweb/owadisp.show document?p table=NEWS RELEA 
SES&p id=28677 

Chemical Industry Sector 

See item 12 

Nuclear Reactors, Materials, and Waste Sector 

Nothing to report 

Critical Manufacturing Sector 

2. September 9, U.S. Consumer Product Safety Commission - (National) Panasonic 
recalls metal cutter saws due to laceration hazard. Newark-based Panasonic 
Corporation of North America issued a recall September 9 for approximately 165 units 
of its Metal Cutter Saw Kit and Metal Cutter Combo Kit manufactured in China and 
Japan due to a laceration hazard in which the lower blade guard can get caught in the 
fully retractable position and not automatically release to cover the blade. The products 
were sold nationwide from April 2014 to June 2015. 

Source: http://www.cpsc.gov/en/Recalls/2015/Panasonic-Recalls-Metal-Cutter-Saws 

3. September 9, U.S. Consumer Product Safety Commission - (National) Mini bikes 
recalled by Baja Motorsports due to fall and crash hazards; sold exclusively at 
Tractor Supply Company. Anderson, South Carolina-based Baja Inc. (Baja 
Motorsports) issued a recall September 9 for approximately 4,600 of its Mini bikes 
after receiving 22 reports and 1 1 accounts of minor injuries that revealed fall and crash 
hazards when the front fork of the bike separated from the wheel. The products were 
sold exclusively at Tractor Supply Company stores from February to August. 

Source: http://www.cpsc.gov/en/Recalls/2015/Mini-Bikes-Recalled-by-Baia- 
Motorsports/ 

Defense Industrial Base Sector 

Nothing to report 
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Financial Services Sector 



4. September 9, U.S. Securities and Exchange Commission - (National) SEC charges 
BDO and five partners in connection with false and misleading audit opinions. The 
U.S. Securities and Exchange Commission September 9 charged national audit firm 
BDO USA and five of the firm’s partners for allegedly dismissing red flags and issuing 
false and misleading unqualified audit opinions about the financial statements of 
staffing services company General Employment Enterprises regarding $2.3 million 
purportedly invested in a 90-day nonrenewable CD. BDO agreed to pay disgorgement 
of its audit fees and interest totaling approximately $600,000 and pay a $1.5 million 
penalty in addition to complying with undertakings related to its quality controls. 
Source: http ://www . sec . gov/news/pressrelease/20 15-1 84.html 

5. September 9, Reuters - (California) SEC charges father, son, friend with insider 
trading in GE deal. The U.S. Securities and Exchange Commission charged three 
California men September 9 with alleged insider trading ahead of General Electric 
Co.’s $580 million merger with cancer diagnostics company Clarient Co. in 2010 after 
one of the men reportedly learned about the merger from a senior Clarient director. The 
three men agreed to pay a total of $169,485 in fines. 

Source: http://www.reuters.com/article/2015/09/09/sec-insidertrading-general-electric- 
clar-idUSLlNl 1F25F20150909 

6. September 8, Reuters - (National) Bankrate to pay $15 million to settle SEC fraud 
charges. Bankrate Inc., agreed to pay $15 million in a settlement with the U.S. 
Securities and Exchange Commission (SEC) September 8 after its chief financial 
officer, former director of accounting, and former vice president of finance allegedly 
posted artificially inflated financial results in 2012, causing share prices to rise, 
allowing the chief financial officer to sell $2 million of company stock at inflated 
prices. 

Source: http://www.reuters.com/article/2015/09/Q8/us-sec-bankrate- 
idUSKCN0R81U920150908 



For another story, see item 26 

Transportation Systems Sector 

7. September 10, Sarasota Herald-Tribune - (Florida) Motorcyclist dies after accident 
on Kings Highway. Southbound lanes of Kings Highway near Interstate 75 in 
Charlotte County were closed for several hours overnight September 9-10 while 
crews responded to a fatal 2-vehicle accident that left 1 person dead. 

Source: http://www.heraldtribune.com/article/20150910/article/150919999 

8. September 9, Eugene Register-Guard - (Oregon) Woman, 2-year-old killed in 
accident on Highway 99 north of Junction City. Oregon State Police reported 
September 9 that a fatal 2- vehicle accident in Junction City shutdown Highway 99 for 
approximately 4 hours after 2 people were killed and 3 others were injured when a 
vehicle crashed into a semi-truck that lost its tires and jackknifed over both lanes of the 
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highway. 

Source: http://registerguard.com/rg/news/local/33485939-75/one-dead-others- 
entrapped-in-fierv-accident-on-hwy.-99-north-of-iunction-city.csp 

9. September 9, WWTV 9 Cadillac/WWUP 10 Sault Ste. Marie - (Michigan) Portion of 
US 23 in Presque Isle County closed after deadly accident. A portion of U S. 23 in 
Presque Isle County was expected to remain closed for several hours following a fatal 
accident September 9 involving a semi-truck and a vehicle that left 1 person dead and 
another injured. 

Source: http://www.9andl0news.com/story/29991132/portion-of-us-23-in-presque-isle- 
county-closed-after-deadly-accident 

10. September 8, Chicago Sun-Times - (Michigan) Chicago-area rain causes flight 
delays, flood advisory. Airlines at O’ Hare International Airport in Chicago cancelled 
more than 180 flights and experienced at least 35 minute-delays due to severe rain 
storms that moved across the area September 8. 

Source: http://www.fox32chicago.com/news/local/17679485-story 

For additional stories, see items 16 and 18 

Food and Agriculture Sector 

11. September 10, U.S. Environmental Protection Agency - (Iowa) Cargill, Inc., agrees to 
settle Clean Air Act violations at Vitamin E manufacturing facility in Eddyville, 
Iowa. The U.S. Environmental Protection Agency reached a settlement September 9 
with Delaware-based Cargill, Inc., over alleged Clean Air Act violations at its Vitamin 
E manufacturing facility in Eddyville, Iowa, after the company used methyl tertiary 
butyl ether, and formaldehyde to produce Vitamin E and similar compounds from 
soybean byproducts without complying with specific Federal requirements, creating the 
potential for excess emissions of hazardous air pollutants. The company will pay a civil 
penalty of $1 10,000 and will perform an Enhanced Leak Detection and Repair project 
at the Eddyville facility for a period of 1 year. 

Source: 

http://vosemite.epa.gOv/opa/admpress.nsf/0/54BB9CC628F00A8385257EBB0075914 

D 

12. September 9, KOVR 13 Stockton - (California) Sac Fire: 1,000 gallons of sodium 
hydroxide spills at Natomas facility. Officials reported September 9 that HAZMAT 
crews were working to clean up about 100 - 200 gallons of sodium hydroxide that 
spilled onto the floor at an Aramark facility in Natomas after about 1,000 gallons of the 
chemical spilled into a container, prompting an evacuation of the building. 

Source: http://sacramento.cbslocal.com/2015/09/09/sac-fire-1000-gallons-of-sodium- 
hydroxide-spills-at-natomas-facility/ 

13. September 9, U.S. Department of Agriculture - (National) Oilli Salumeria 
Americana, LLC recalls pork products due to misbranding. The Food Safety and 
Inspection Service reported September 8 that Olli Salumeria Americana, LLC issued a 
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recall for 5,391 pounds of salami products due to the products being formulated with 
wine that contains sulfites, which was undeclared on labels. The products were sold to 
a chef’s distributor, who then sold the items to restaurants in Chicago, Los Angeles, 
Nevada, and New York. 

Source: http://www.fsis.usda.gov/wps/portal/fsis/topics/recalls-and-public-health- 
alerts/recall-case-archi ve/archive/20 1 5/recall- 1 20-20 1 5-release 



14. September 9, CNN - (National) Salmonella outbreak kills two, sickens hundreds in 
the U.S. Officials reported September 9 that a Salmonella Poona outbreak linked to 
cucumbers grown in Mexico has killed 2 people and sickened 341 people across 30 
States. 

Source: http://www.cnn.com/2015/09/09/health/arizona-salmonella-outbreak/ 

15. September 9, U.S. Food and Drug Administration - (Alaska) Nine Alaska Safeway 
and Carrs stores voluntarily recall deli sandwiches containing cucumbers in 
cooperation with the Andrew and Williamson Fresh Produce recall due to possible 
Salmonella Poona contamination. The U.S. Food and Drug Administration reported 
September 8 that nine Safeway and Carr stores in Alaska are voluntarily recalling 
made-to-order deli sandwiches with cucumbers produced by Andrew and Williamson 
in cooperation with the Andrew and Williamson Fresh Produce Recall of cucumbers 
that may be contaminated with Salmonella Poona. 

Source: http://www.fda.gov/Safety/Recalls/ucm461836.htm 

Water and Wastewater Systems Sector 

16. September 10, U.S. Environmental Protection Agency - (New York) EPA and New 
York state announce ban on dumping sewage from boats into Cayuga and Seneca 
Lakes and Seneca River. The U.S. Environmental Protection Agency and New York 
State Department of Environmental Conservation announced September 9 that all boats 
in Seneca Lake, Cayuga Lake, Seneca River, and all connected navigable tributaries 
were banned from discharging sewage into the waterways after a no discharge zone 
was implemented to help eliminate the release of harmful contaminants and pathogens 
into the bodies of water. 

Source: 

http://vosemite.epa.gOv/opa/admpress.nsf/0/5adcl5d098b9e93485257ebb0054affl 

Healthcare and Public Health Sector 

17. September 9, SC Magazine - (National) Excellus BlueCross BlueShield announces 
breach, 10.5M records at risk. Excellus BlueCross BlueShield and affiliate Lifetime 
Healthcare Companies announced September 9 that hackers gained unauthorized access 
to information technology systems in 2013, potentially compromising the personal, 
financial, and medical information of approximately 10.5 million individuals. Officials 
stated that there was no evidence that the information was removed or used 
inappropriately and an investigation is ongoing. 

Source: http://www.scmagazine.com/excellus-bluecross-blueshield-announces-breach- 
105m-records-at-risk/article/437651/ 
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Government Facilities Sector 



18. September 10, KCRA 3 Sacramento - (California) Thousands still without power as 
Amador County fire grows. Crews reached 20 percent containment September 10 of 
the 4,000-acre Butte Fire burning in Amador and Calaveras counties. The fire prompted 
evacuation orders, the cancellation of classes at several area schools, non-operational 
bus routes, and over 12,000 utility customers to lose power. 

Source: http://www.kcra.com/news/local-news/news-sacramento/thousands-still- 
without-power-as-amador-county-fire-grows/35 196294 

19. September 9, WGRZ 2 Buffalo - (New York) Day, evening classes cancelled at UB 
South Campus. A campus-wide power outage prompted the cancellation of day and 
evening classes at University of Buffalo South Campus in New York September 9. 
Source: http://www.wgrz.com/storv/news/local/2015/09/09/power-outage—ub-south- 
campus/7 1925970/ 

For another story, see item 26 

Emergency Services Sector 

20. September 10, NBC News - (Arkansas) Accused killer escapes from Arkansas 
detention center. Authorities are searching for a murder suspect who escaped from the 
Ouachita County Detention Complex in Arkansas September 9 after returning from a 
trip to the hospital. 

Source: http://www.nbcnews.com/news/us-news/accused-killer-escapes-arkansas- 
detention-center-n4247 3 6 



21. September 9, WPVI 6 Philadelphia - (Pennsylvania) Correctional officers indicted 
for allegedly smuggling drugs, phones into Philadelphia prisons. Four current and 
two former correctional officers were charged September 9 in connection to an alleged 
smuggling scheme after an investigation found that the officers were reportedly 
smuggling drugs and cell phones into city jails including Curren-Fromhold in northeast 
Philadelphia. Inmates working for the Federal Government paid between $500 to 
$1,500 in exchange for OxyContin and phones, which were provided by outsiders and 
delivered by the guards. 

Source: http://6abc.com/news/guards-indicted-for-allegedly-smuggling-drugs-cell- 
phones-into-prisons/97 607 1 / 

Information Technology Sector 

22. September 10, Securityweek- (International) SAP updates patch twenty 
vulnerabilities. Germany-based SAP enterprise software maker updated 5 previously 
released patches and issued a new patch addressing 20 vulnerabilities including 8 that 
were missing authorization checks, 6 cross-site scripting (XSS) bugs, an information 
disclosure vulnerability, cross-site forgery (CSRF), remote code execution, SQL 
injection, in addition to other types of attacks. 
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Source: http://www.securityweek.com/sap-updates-patch-twentv-vulnerabilities 



23. September 10, Help Net Security - (International) PIN-changing, screen-locking 
Android ransomware. ESET researchers found a piece of ransomware that locks 
Android users out of their devices by changing the personal identification number 
(PIN) via masquerading as an app to view adult videos. Once users download and 
install the malicious app the LockerPin trojan prompts the user to install a patch for the 
app which unknowingly activates the Device Administrator privileges while appearing 
as an alleged message from the FBI asking the victim to pay a $500 fine to regain 
access to the device. 

Source: http://www.net-securitv.org/malware news.php?id=3097 

24. September 9, Softpedia - (International) Russian hacking group uses satellites to 
hide C&C servers. Kaspersky Labs announced that the Turla advanced persistent 
threat (APT) group utilizes design flaws on older communications satellites, allowing 
the group to intercept Internet traffic and use it to hide the location of their command- 
and-control (C&C) servers. The group can reportedly launch man-in-the- middle 
(MitM) attacks and intercept traffic through satellite dishes located in areas were the 
unencrypted satellites provide coverage. 

Source: http://news.softpedia.com/news/russian-hacking-group-uses-satellites-to-hide- 
c-c-servers-491352.shtml 



25. September 9, Softpedia - (International) Zimperium releases exploit code for testing 
against Stagefright vulnerability. Zimperium released its Stagefright exploit code and 
Python script, allowing security experts, phone vendors, and users to test if their 
devices are vulnerable to the Stagefright bug, which affects over 95 percent of all 
Android devices running versions 2.2 or higher. 

Source: http://news.softpedia.com/news/zimperium-releases-exploit-code-for-testing- 
against-stagefright-vulnerability-49 1 36 1 .shtml 

26. September 9, Securityweek - (International) DD4BC extortionist group launched 
over 140 DDoS attacks: Akamai. A report published by Akamai Technologies’ 
Prolexic Security Engineering and Response Team (PLXert) found that the extortionist 
group DD4BC, who led a distributed denial-of-service (DDoS) attack against several 
organizations and demanded Bitcoin payments, launched a total of 141 attacks between 
September 2015 and August 2015, with 58 percent of attacks targeting financial service 
institutions. The report also found that that group now utilizes social media platforms to 
expose and threaten targeted organizations in addition to the DDoS attack. 

Source: http://www.securitvweek.com/dd4bc-extortionist-group-launched-over-140- 
ddos-attacks-akamai 



Internet Alert Dashboard 



To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or 
visit their Web site: http://www.us-cert.gov 

Information on IT information sharing and analysis can be found at the IT ISAC (Information Sharing and 
Analysis Center) Web site: http://www.it-isac.org 
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Communications Sector 



See item 26 

Commercial Facilities Sector 

See item 26 

Dams Sector 

27. September 9, KXII 12 Sherman - (Oklahoma) Repairs slated to begin on 

Cumberland Levee. The U.S. Army Corps of Engineers reported September 9 that the 
first phase of a two-phase $3.2 million construction project to repair the Cumberland 
Levee system in Oklahoma will begin early October after a breach occurred during 
recent flooding. Officials advised the public to avoid construction areas as power lines, 
utility poles, oil and gas equipment, and floating debris could cause injury. 

Source: http://www.kxii.com/home/headlines/Repairs-slated-to-begin-on-Cumberland- 
Levee-326103151.html 
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Department of Homeland Security (DHS) 

DHS Daily Open Source Infrastructure Report Contact Information 

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday 
through Friday] summary of open-source published information concerning significant critical 
infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for 10 days on 
the Department of Homeland Security Web site: http://www.dhs.gov/lPDailyReport 

Contact Information 

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS 

Daily Report Team at (703) 942-8590 

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow 

instructions to Get e-mail updates when this information changes . 

Removal from Distribution List: Send mail to support @ govdelivery.com . 



Contact DHS 

To report physical infrastructure incidents or to request information, please contact the National Infrastructure 
Coordinating Center at nicc@hq.dhs.gov or (202) 282-9201. 

To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit 
their Web page at www.us-cert. gov . 

Department of Homeland Security Disclaimer 

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform 
personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright 
restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source 
material. 
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